36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
# File 'modules/profile/manifests/aptrepo/wikimedia.pp', line 36
class profile::aptrepo::wikimedia (
Stdlib::Fqdn $primary_server = lookup('aptrepo_server'),
Array[Stdlib::Fqdn] $secondary_servers = lookup('aptrepo_servers_failover'),
String $aptrepo_vhost = lookup('aptrepo_hostname'),
Stdlib::Unixpath $public_basedir = lookup('profile::aptrepo::wikimedia::basedir'),
Stdlib::Unixpath $private_basedir = lookup('profile::aptrepo::private::basedir'),
Stdlib::Unixpath $homedir = lookup('profile::aptrepo::wikimedia::homedir'),
String $gpg_user = lookup('profile::aptrepo::wikimedia::gpg_user'),
Optional[String] $gpg_pubring = lookup('profile::aptrepo::wikimedia::gpg_pubring', {'default_value' => undef}),
Optional[String] $gpg_secring = lookup('profile::aptrepo::wikimedia::gpg_secring', {'default_value' => undef}),
Optional[Integer] $private_repo_port = lookup('profile::aptrepo::private::port', {'default_value' => 8080}),
){
ferm::service { 'aptrepos_public_http':
proto => 'tcp',
port => '(http https)',
}
ferm::service { 'aptrepos_private_http':
proto => 'tcp',
port => "(${private_repo_port})",
srange => '$DOMAIN_NETWORKS',
}
class { 'aptrepo::common':
homedir => $homedir,
basedir => $public_basedir,
gpg_user => $gpg_user,
gpg_secring => $gpg_secring,
gpg_pubring => $gpg_pubring,
}
# Public repo, served by nginx
aptrepo::repo { 'public_apt_repository':
basedir => $public_basedir,
incomingdir => 'incoming',
distributions_file => 'puppet:///modules/aptrepo/distributions-wikimedia',
}
# Private repo, served by Apache
aptrepo::repo { 'private_apt_repository':
basedir => $private_basedir,
incomingdir => 'incoming',
distributions_file => 'puppet:///modules/aptrepo/distributions-private',
}
$private_reprepro_wrapper = @("SCRIPT" /$)
#!/bin/bash
REPREPRO_BASE_DIR=${private_basedir} /usr/bin/reprepro "$@"
|SCRIPT
file { '/usr/local/sbin/private_reprepro':
ensure => present,
owner => 'root',
group => 'root',
mode => '0500',
content => $private_reprepro_wrapper,
}
class { 'aptrepo::tftp': }
include ::profile::backup::host
# The repository data
backup::set { 'srv-wikimedia': }
class { 'aptrepo::rsync':
primary_server => $primary_server,
secondary_servers => $secondary_servers,
}
if $primary_server == $::fqdn {
monitoring::service { 'https':
description => 'HTTPS',
check_command => 'check_ssl_http_letsencrypt_ocsp!apt.wikimedia.org',
notes_url => 'https://wikitech.wikimedia.org/wiki/APT_repository',
}
$motd_ensure = 'absent'
} else {
$motd_ensure = 'present'
}
motd::script { 'inactive_warning':
ensure => $motd_ensure,
priority => 1,
content => template('profile/install_server/inactive.motd.erb'),
}
}
|